Monthly Archives: September 2010

Small business ecommerce site owners cannot afford to slack off when it comes to the Payment Card Industry Data Security Standard (PCI DSS). Its strict security requirements make being PCI compliant challenging for small retailers, but PCI DSS is a standard that all organizations must follow when storing, processing and transmitting its customer’s credit card data.

One of the easiest ways to be PCI-compliant is to outsource payment processing and work with a payment provider who has the experience, systems and security in place that meets the PCI DSS standard. By outsourcing PCI compliance you basically remove the PCI burden from your small business to a trusted provider.

The overall intent of both of these standards is to stop insecure applications from being placed in production. The intent of requirement 6.5 is to ensure that secure coding techniques are part of the system development lifecycle (SDLC) and that the most obvious errors, at the moment those are the OWASP Top 10, have been addressed during development. The intent of requirement 6.6 is to ensure that either code reviews are conducted or an application firewall is used to protect applications.

Beginning Sept. 30, Visa will require merchants and related businesses to conduct wireless security scans to prove compliance with version 1.2 of the PCI Data Security Standard (PCI DSS) which is designed to safeguard cardholder data from wireless threats.

The Trusted Computing Group and the National Institute of Standards and Technology Tuesday joined to give their blessing to the union of two technologies that each have championed: TCG with its network-access control standard called Trusted Network Connect, and NIST with its desktop-security configuration standard called the Security Control Automation Protocol

A federal grand jury in Pittsburgh has indicted a former employee at the University of Pittsburgh Medical Center for allegedly stealing patient data in the first HIPAA-related prosecution in the Western District of Pennsylvania, federal prosecutors say.

Paul C. Pepala, 34, of Monroeville, PA, faces 14 counts related to the alleged disclosure of patients’ data for personal gain in February 2008, when he was an employee at UPMC Shadyside Hospital. The indictment lists Pepala as the sole defendant.

Research released today makes the damning assertion that, with more than half of all software failing to meet acceptable security levels, 80% of all web applications are at risk of failing a PCI audit.

When Google this month fired a programmer for using the search giant’s database to investigate an intriguing teenager, it showed that even the most sophisticated and respected technology brands can have a trusted employee go rogue. This lesson should not be lost on retail executives, who may rely on several third-party service providers to process or analyze their payments.

The Department of Health and Human Services’ Office for Civil Rights received thousands of pages of comments from hundreds of organizations by the Sept. 13 deadline. Now, the office will spend the coming weeks fine-tuning the proposal issued in July.